Most software under active development changes extremely often—perhaps even multiple times each day—which is typically the case for widely-used open source software. As a result, frequent changes to these projects may introduce new and beneficial features or eliminate bugs, though other changes may introduce other unwanted behaviors, such as security vulnerabilities. Likewise, such problems also occur in non-open source software projects, especially those for complex systems, projects involving many developers, etc.
Thus, it is extremely difficult for users and organizations—especially those with extremely sensitive or mission-critical systems—to be able to keep any open-source software it utilizes up to date, which may result in old, vulnerable versions of software continuing to be used until newer releases can be verified to be safe for use. Moreover, some users who require high assurance may be hesitant to depend on open-source software due to its often unpredictable and evolutionary growth, and thus the potential benefits of code reuse are not able to be realized.